Sergei Volokitin

**Name of the Vulnerable Software and Affected Versions** de.fac2 version 1.34 **Description** The issue allows bypassing the User Presence protection mechanism when malware is present on the victim's PC. This occurs due to a flaw in de.fac2 version 1.34, enabling potential exploitation. **Recommendations** For de.fac2 version 1.34, consider disabling the User Presence protection mechanism temporarily until a patch is available to prevent bypassing. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trilogy versions prior to 2.1.1 **Description** When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. This issue can be avoided by only connecting to trusted servers. **Recommendations** For versions prior to 2.1.1, upgrade to version 2.1.1 to resolve the issue. As a temporary workaround, consider only connecting to trusted servers to minimize the risk of exploitation.